About rED Cap

REsearchData CAPture

rED Cap is a GXP validated web-based product developed by Biostat International, Inc. for managing multi-site clinical research studies securely and safely over the Internet.

Compliant with 21CFR Part 11

Supports HIPAA guidelines

It is designed as a standards-based, extensible platform. In particular, it is an ODM v1.2.1 and ODM v1.3.1 compliant Clinical Data Warehouse.

rED Cap makes sure that all communications between our clients and our server are encrypted using a strong 128-bit SSL certificate. No account information, documents or data are transmitted over the Internet without our strong 128-bit SSL encryption.

User Requirements:

HIPAA Privacy & Security Best Practices

In rED Cap all privacy and security provisions of the HIPAA guidelines are carefully addressed. These provisions are implemented in the system using a number of key technologies and best practices:

Authentication: Assurance of identity of person or originator of data.

Secure Login: The application uses the industry standard to authenticate the identity of users that log into the system.

The application fully supports configurable password aging. It supports hacking detection by disabling access for a configurable amount of time after a series of consecutive failed logins.

Encrypted Passwords: The application uses the industry standard SHA1 hash to protect user passwords. Each user is assigned a unique activation code and a user must explicitly activate the account and set the password.

Secure Connection: The server uses HTTPS and SSL with a strong 128-bit SSL certificate.

All database updates and changes are logged using an application-level logging API.

Authorization: Ensure users have the permissions to perform certain actions.

Security Roles & Permissions: A permission system is implemented at both the server level (protecting the application) and at the application level (protecting specific functions), regulating access to only the authorized users and roles.

Availability: Ensure information is available to authorized parties.

Secure Firewall: The application is deployed with the database server placed behind the firewall on the network to protect it from outside access.

Confidentiality Agreements: All BSI developers and employees are required to sign a confidentiality agreement, acknowledging they understand and continue to follow all company security policies.

Auditing: Track who accesses and updates data and documents, and when, where, what and how. Audit trails are stored in our secure database server.

Audit trails: The system captures and logs all activities and events. It tracks about 130 events. All activities are logged in the database for easy auditing, analysis and reporting.

Tracking document uploads and downloads: The system captures, stores and allows reporting of all uploads and downloads. The user name, the user’s browser, the user’s Internet IP, the date and time, and the exact action taken are all available for auditing.